//package com.ssl.gateway.oauth;
//
//import com.alibaba.nacos.common.utils.ConcurrentHashSet;
//import org.apache.commons.lang3.StringUtils;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authorization.AuthorizationDecision;
//import org.springframework.security.authorization.ReactiveAuthorizationManager;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.oauth2.provider.OAuth2Authentication;
//import org.springframework.security.web.server.authorization.AuthorizationContext;
//import org.springframework.util.AntPathMatcher;
//import org.springframework.web.server.ServerWebExchange;
//import reactor.core.publisher.Mono;
//
//import java.util.Set;
//
//@Configuration
//public class AccessManager implements ReactiveAuthorizationManager<AuthorizationContext> {
//    //存放不需要进行token校验的路径（正则表达式）
//    private Set<String> permitAll = new ConcurrentHashSet<>();
//    //正则校验器
//    private static final AntPathMatcher antPathMatcher = new AntPathMatcher();
//
//    public AccessManager() {
//        //对于我们获取token的/oauth/token，人家正在获取token的路上，本身没有token
//        //必须放行
//        permitAll.add("/**/oauth/**");
//    }
//
//    //决定是否放行的最终函数
//    @Override
//    public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext authorizationContext) {
//        ServerWebExchange exchange = authorizationContext.getExchange();
//        return authentication.map( auth ->{
//            String path = exchange.getRequest().getURI().getPath();
//            //放行的path
//            if (checkPermit(path)){
//                return new AuthorizationDecision(true);
//            }
//            if (auth instanceof OAuth2Authentication){
//                OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth;
//                String clientId = oAuth2Authentication.getOAuth2Request().getClientId();
//                if (StringUtils.isNotEmpty(clientId)){
//                    return new AuthorizationDecision(true);
//                }
//            }
//            return new AuthorizationDecision(false);
//            });
//
//    }
//
//    private boolean checkPermit(String path) {
//        return permitAll.stream().filter(p -> antPathMatcher.match(p,path)).findFirst().isPresent();
//    }
//}
